You are on page 1of 11

2.

Thut ton ch k s RSA


Phng php ch k s RSA c xy dng da trn thut ton m ha kha

cng khai RSA. to mt cp kha, RSA thc hin cc bc sau: Chn 2 s nguyn t ln ngu nhin p, q. Nhm c s an ton ti a nn chn p v q c di bng nhau.
Tnh n=pq v =(p1)(q1). Chn ngu nhin mt s nguyn e (1<e<) sao cho gcd(e, )=1 vi

gcd l c s chung ln nht.


Tnh: d=e1 mod .

Kt qu l ta c c cp kha: kha cng khai (n,e) v kha b mt (n,d). Hai ngi s s dng chung mt hm bm an ton trc hin tng xung t. k mt thng ip m, ngi k thc hin cc bc sau: Dng hm bm bm thng ip m: h=(m).
To ch k s s dng kha b mt (n,d) tnh:

s=h mod n.
d

Ch k ca m l s v c gi km vi thng ip m n ngi nhn. xc nhn ch k, ngi nhn thc hin cc bc sau: S dng kha cng khai (n,e) ca ngi k gii m ch k: h=s mod n.
e

=H(m). Chp nhn ch k nu h=h. Ngc li t chi ch k. Thut ton ch k s DSA

S dng cng hm bm vi ngi k bm thng ip m: h

chng thc

Trong mt m hc, chng thc kha cng khai (cn gi l chng thc s / chng thc in t) l mt chng thc s dng ch k s gn mt kha cng khai vi mt thc th (c nhn, my ch hoc cng ty...). Mt chng thc kha cng khai tiu biu thng bao gm kha cng khai v cc thng tin (tn, a ch...) v thc th s hu kha . Chng thc in t c th c s dng kim tra mt kha cng khai no thuc v ai. CA pht hnh cc chng thc kha cng khai trong th hin rng CA chng nhn kha cng khai nm trong mi chng thc thuc v c nhn, t chc, my ch hay bt k thc th no ghi trong cng chng thc . Nhim v ca CA l kim tra tnh chnh xc ca thng tin lin quan ti thc th c cp chng thc. Khi ngi s dng tin tng vo mt CA v c th kim tra ch k s ca CA th h cng c th tin tng vo kha cng khai v thc th c ghi trong chng thc. [9]

1. H tng kha cng khai (PKI)


1. PKI l g
hiu r v vic xy dng c PKI v vn cp pht chng thc s c vai tr v ng dng nh th no trong thng mi in t. Chng ta s i phn tch tng kha cnh xung quanh PKI. Trc tin chng hiu th no l PKI v tnh cp thit ca PKI hin nay : PKI : vit tt ca Public Key Infrastructure tc l h tng c s kha cng khai. L mt c ch cho mt bn th 3 (thng l nh cung cp chng thc s) cung cp v xc thc nh danh cc bn tham gia vo qu trnh trao i thng tin. C ch ny cng cho php gn cho mi ngi s dng trong h thng mt cp kha cng khai/kha b mt. Trong k nguyn bng n ca cng ngh thng tin, mi giao dch t xa c th thng qua internet. Tuy nhin, mt khc kh m bo m rng nhng giao dch trn Internet lun an ton. C s h tng kha cng khai (PKI) p ng nhng yu cu cp thit . Da trn cch s dng ca cha kha mt m cng cng v ch k in t, mt PKI chnh l b khung ca cc chnh sch, dch v v phn mm m ha, p ng nhu cu bo mt ca ngi s dng.

1. C s h tng kha cng khai

Hnh 1.4 : M hnh xy dng PKI c bn

PKI cung cp mt cp cha kha, trong c mt cha l cha kha cng khai (Public key) c th s dng dch v, cha cn li l cha kha b mt (Private key) m ngi s dng phi gi b mt. Hai cha kha ny c lin quan mt thit n nhau, sao cho mt thng ip c m ha bi mt cha kha mt m cng khai th ch gii m c bi mt cha kha b mt tng ng. V d v m hnh x dng xc thc : Gi s c 2 ngi dng Bob v Alice mun chuyn th in t cho nhau m bo tnh xc thc v bo mt h dng 1 phn mm PKI

Hnh ng

Trng thi ca h thng PKI

Bob mun chuyn mt th in t n Phn mm PKI dng cha kha c nhn cho Alice, vi yu cu rng giao dch ca Bob to ra mt ch k in t cho phi chng minh c chnh anh gi bc th n i v ni dung bc th khng b thay i. Bob mun chc chn rng khng ai Phn mm PKI ca Bob dng cha kha ngoi Alice c c bc th ny cng cng ca Alice m ha thng ip ca Bob. Alice mun c th do Bob gi Phn mm PKI dng cha kha c nhn ca Alice gii m thng ip.

Alice mun kim chng rng chnh Bob Phn mm PKI ca Alice dng cha kha gi i thng ip v ni dung cng cng ca Bob kim chng ch thng ip khng b chnh sa. k in t ca anh ta. Bng 1.5 : M hnh s dng xc thc
1.

Mt vi kin trc v cng ngh PKI hin hnh


Mc tiu chnh ca PKI l cung cp kha cng khai v xc nh mi lin h gia kha v nh dng ngi dng. Nh vy ngi dng c th s dng trong mt s ng dng nh: M ho Email hoc xc thc ngi gi Email (OpenPGP hay S/MIME).

1. Mt s ng dng

M ha hoc nhn thc vn bn (Cc tiu chun Ch k XML* hoc m ho XML* khi vn bn c th hin di dng XML). Xc thc ngi dng ng dng (ng nhp bng th thng minh smartcard, nhn thc ngi dng trong SSL). Cc giao thc truyn thng an ton dng k thut Bootstrapping (IKE, SSL): trao i kha bng kha bt i xng, cn m ha bng kha i xng.

1. Mt s h thng PKI

Di y l danh sch mt s h thng PKI, trong mt s nh cung cp chng thc s hng u (v d VeriSign) khng c lit k v cc phn mm ca h khng c cng b cng khai : H thng qun l chng thc Red Hat Computer Associate eTrust PKI Microsoft OpenCA (Mt m hnh PKI m ngun m) RSA Security IDX-PKI Simple CA

1. t vn ?
xy dng mt c s h tng chng ta phi gii quyt s b nhng vn sau y : Lm sao cp pht kha cng khai v kha b mt cho tng ngi. Vn ng k kha cng khai vi mt CA Vn thu hi/cp pht li kha cng khai Vn kim chng kha cng khai Lm sao t kha cng khai ca 1 ngi h thng PKI phi xc nh xem ch k s c phi ca ngi hay khng. Vn ton vn d liu. H thng PKI phi xc nh xem liu tin nhn gi i gia client v server c b thay i hay khng? Mt thng ip c m ha bi mt cha kha mt m cng khai th ch gii m c bi mt cha kha b mt tng ng. Kha ca bn th 3 bn thm nh s do cp hay t chc no gim inh. Hay phi c c ch no chng gi mo bn chng thc.

Cc Vn lin quan n chng thc s cp pht, xc thc v qun l ti server ra sao.


1.

Cc vn s gii quyt trong kha lun


Vi nhng yu cu v mt h thng PKI nh trn chng ta phi xy dng bi ton nh th no.Chng trnh thit k phi bao gm 3 i tng : Server : Cho php ngi dng trong h thng ng k kha cng khai. Cp pht 1 chng thc s (certificat) cho ngi dng nu kha cng khai hp l
Qun l kha cng khai, Thu hi/cp pht li chng thc s

Cho php bn th 3 kim tra tnh ng n ca 1 chng thc s bt k

User : H thng PKI cp pht mt kha cng khai cho user v kha b mt (Kha ring) do PKI client cp pht v user phi gi b mt. To ch k s cho tng vn bn ngu nhin. Bn th 3 l bn thm nh v nh gi : Cp pht v bo mt Kha ring v kha cng khai ca CA.

2.6.Cp

2.6.1.1.Sinh cp kha ngu nhin (PKI client)

2.6.1.Cp pht chng thc s

pht v xc thc chng thc s

Ti Client h thng PKI s cp pht cp kha ring v kha cng khai


H thng PKI(c th PKI client) s s dng 1 thut ton bt k hp l c

chn la sinh cp kha ngu nhin. Chng hn y l thut ta RSA. Cp kha ngu nhin c sinh ra t 2 s nguyn t ngu nhin lp ln. Cp kha ngu nhin y l :
Kha cng khai : (n,e) Kha b mt

: (n,d)

2.6.1.2.To ch k s Sau khi to cp kha ngu nhin , h thng PKI client s to ra ch k s tng ng vi cp kha ngu nhin ca tng client v k theo tng vn bn ngu nhin. 2.6.1.3.Cp pht chng thc s

Sau khi PKI client to cp kha ring v kha cng khai ng thi to ch k s cho client tng ng. Thng tin bo mt s c gi n server.

Ti server, server s xc thc nhng thng tin m client gi n c chnh xc v ng n.Nu thng tin xc thc l ng n(kha cng khai, ch k s, gi tr bm ca vn bn, tin nhn) server s cp pht cho client 1 chng thc s bao gm cc thng tin sau : tn, tui, a ch.. cc thng tin c nhn khc, kha cng khai, ngy to, ngy ht hn, v ID ca chng thc s. ID ca chng thc s c tnh duy nht vi mi client. 2.6.1.4.Thu hi v cp pht li chng thc s

Mt chng thc s b thu hi khi no : Khi m chng thc s ht hn s dng, chng thc s b thu hi ra hn hoc cp mt chng thc s mi Khi client pht hin kha b mt ca ngi ny b l hoc server pht hin thy hm bm mt m ca mnh b l hoc cc thng tin bo mt khc ca 1 client b r r Cp pht li chng thc s :

Client s gi yu cu n server yu cu v 1 bn thng tin(a ch,

kha cng khai,kha ring) ca client ng k mt bn chng thc s mi.


2.6.2.Xc thc chng thc s

Khi bn gi mt thng tin km chng ch s, ngi nhn - c th l i tc kinh doanh, t chc hoc c quan chnh quyn - s xc nh r c danh tnh ca bn. C ngha l d khng nhn thy bn, nhng qua h thng chng ch s m bn v ngi nhn cng s dng, ngi nhn s bit chc chn l bn ch khng phi l mt ngi khc. Xc thc l mt tnh nng rt quan trng trong vic thc hin cc giao dch in t qua mng, cng nh cc th tc hnh chnh vi c quan php quyn. Cc hot ng ny cn phi xc minh r ngi gi thng tin s dng t cch php nhn. y chnh l nn tng ca mt Chnh ph in t, mi trng cho php cng dn c th giao tip, thc hin cc cng vic hnh chnh vi c quan nh nc hon ton qua mng. C th ni, chng ch s l mt phn khng th thiu, l phn ct li ca Chnh ph in t. Mt ngi th 3 bt k(C th l 1 client khc, khch cha ng k chng thc s) u c th kim tra c tnh ng n ca 1 chng thc s. Bng cch PKI client s cung cp 1 dch v xc thc. Ngi dng c th nhp vo ID ca 1 chng thc s bt k cn kim tra v gi thng tin ln server. Nu chng thc s tn ti server s tr li thng bo cho client va kim tra.
2.7.ng

dng ca h tng kha cng khai v cp pht chng thc


ha

2.7.1.M

Li ch u tin ca chng ch s l tnh bo mt thng tin. Khi ngi gi m ha thng tin bng kha cng khai ca bn, chc chn ch c bn mi gii m dc thng tin c. Trong qa trnh truyn thng tin qua Internet, d c c c cc gi tin m ha ny, k xu cng khng th bit c trong gi tin c thng tin g. y l mt tnh nng rt quan trng, gip ngi s dng hon ton tin cy v kh nng bo mt thng tin. Nhng trao i thng tin cn bo mt cao, chng hn giao dch lin ngn hng, ngn hng in t, thanh ton bng th tn dng, u cn phi c chng ch s m bo an ton.
2.7.2.Chng

gi mo

Khi bn gi i mt thng tin, c th l mt d liu hoc mt Email, c s dng chng ch s, ngi nhn s kim tra c thng tin ca bn c b thay i hay khng. Bt k mt s sa i hay thay th ni dung ca thng ip gc u s b pht hin. a ch mail, tn domain... u c th b k xu lm gi nh la ngi nhn ly lan virus, n cp thng tin quan trng. Tuy nhin, chng ch s th khng th lm gi, nn vic trao i thng tin c km chng ch s lun m bo an ton.

2.7.3.Xc

thc

Khi s dng mt chng ch s, ngi nhn c th l i tc kinh doanh, t chc hoc c quan chnh quyn- s xc nh r c danh tnh ca bn. C ngha l d khng nhn thy bn, nhng qua h thng chng ch s m bn v ngi nhn cng s dng, ngi nhn s bit chc chn l bn ch khng phi ai khc. Xc thc l mt tnh nng rt quan trng trong vic giao dch in t qua mng, cng nh cc th tc hnh chnh vi c quan vi c quan php quyn. Cc hot ng ny cn phi xc minh r ngi gi thng tin s dng t cch php nhn. y chnh l nn tng ca mt chnh ph in t, mi trng cho php cng dn c th giao tip. C th ni, chng ch s l mt phn khng th thiu, l phn ct li ca chnh ph in t.
2.7.4.Chng

chi b ngun gc

Khi s dng mt chng ch s, bn phi chu trch nhim hon ton v nhng thng tin m chng ch s i km. Trong trng hp ngi gi chi ci, ph nhn mt thng tin no khng phi do mnh gi(chng hn qua mng) chng ch s m ngi nhn c c s l bng chng khng nh ngi gi l tc gi ca thng tin . Trong trng hp chi b, CA cung cp chng ch s cho hai bn s chu trch nhim xc minh ngun gc thng tin, chng t ngun gc thng tin c gi.
2.7.5.Ch

k in t

Email ng vai tr kh quan trng trong trao i thng tin hng ngy ca chng ta v u im nhanh, r v d s dng. Nhng thng ip c th gi i nhanh chng qua internet n khch hng ng nghip, nh cung cp v i tc. Tuy nhin, email rt d b c bi cc Hacker. Nhng thng ip c th b c hay b gi mo trc khi n ngi nhn. Bng vic s dng chng ch c nhn, bn s ngn nga c cc nguy c ny m vn khng lm gim nhng li th ca Email. Vi chng ch s c nhn, bn

c th to thm mt ch k in t vo email nh mt bng chng xc nhn ca mnh. Ch k in t cng c tnh nng xc thc thng tin, ton vn d liu v chng chi b ngun gc. Ngoi ra, chng ch s c nhn cn cho php ngi dng c th chng thc mnh vi mt web server thng qua giao thc bo mt SSL. Phng php chng thc da trn chng ch s c nh gi l tt, an ton bo mt hn phng php chng thc truyn thng da trn mt khu.
2.7.6.Bo

mt website

Khi website ca bn s dng cho mc ch thng mi in t hay cho nhng mc ch quan trng khc, nhng thng tin trao i gia bn v khch hng c th b l. trnh nguy c ny, bn c th dng chng ch s SSL server bo mt cho Website ca mnh. Chng ch s SSL server s cho php bn lp cu hnh website ca mnh theo giao thc bo mt SSL(Secure Sockets Layer). Cc tnh nng ni bt: Thc hin mua bn bng th tn dng. Bo v nhng thng tin c nhn nhy cm xa khch hng m bo hacker khng th d tm c mt khu.
2.7.7.m

bo phn mm

Chng ch s nh pht trin phn mm s cho php bn k vo cc applet, script, Java software, ActiveX control, cc file nh dng EXE, CAB, DLL... Nh vy, thng qua chng ch s bn s m bo tnh hp php cng nh ngun gc xut x ca sn phm. Hn na ngi dng c th xc thc c bn l nh cung cp, pht hin c s thay i ca chng trnh(virus, crack, bn lu...).

2.8.OpenCA

h thng h tng kha cng khai trong thc t

2.8.1.nh ngha :

OpenCA l mt h thng m ngun m, c xy dng v pht trin bi rt nhiu nh lp trnh trn th gii. OpenCA c xy dng vi mc ch to ra mt h thng cng c nhm h tr cho cc d n v bo mt.OpenCA h tr t mc thp nh m ho d liu,to ch k s cho n cc h thng an ton d liu cao cp. M ngun ca OpenCA c cung cp rng ri trn www.openca.org.T nhng c im nh trn c th thy OpenCA chnh l mt cng c rt hiu qu xy dng nhng ng dng theo m hnh h tng kho cng khai PKI. OpenCA h tr xy dng tt c cc th tc li cho mt ng dng

PKI t vic sinh kho m ho gii m d liu cho ti cc th tc cp pht,thu hi chng th,to ch k sVi tt c nhng ci ,ta c th xy dng mt ng dng theo m hnh PKI c s, phn m rng cn li s c xy dng tip theo nh hng ca nh pht trin.

Cc thnh phn chnh ca OpenCA bao gm 3 thnh phn l h thng th vin OpenSSL, c s d liu v giao din web. Trong giao din web c xy dng bng ngn ng Perl. Th vin OpenSSL thc hin cc tin trnh v m ho. [10]

2.8.2.nh gi v h OpenCA 2.8.2.1.u im ca h thng

OpenCA c thit k v xy dng theo nguyn l ca m hnh PKI v n m bo y nhng chc nng c s ca mt h PKI cn phi c: Cp pht, gia hn, thu hi chng th s, m bo tnh xc thc, an ton tin cy.

Vi cc kch bn th nghim trong thi gian di h thng hot ng kh n nh v khng xy ra nhng li nghim trng dn n t chi dch v.

H m ngun m OpenCA hon ton tng thch vi mi trng Linux v khng h gy xung t vi cc h thng khc cng ci t trn mt h iu hnh.

H thng OpenCA s dng rt nhiu chun cng nghip( nh cc chun v chng th s X509). V vy n c chp nhn v s dng rt rng ri trong thc t. 2.8.2.2.Nhng im cn hn ch ca h thng

Li khng xc nh khi RA k ln cc yu cu gi ln cho CA.


Khng lm vic c vi cc thit b s dng chun USB 2.0 Kh khn trong vic ci t v thay i.[11]